From: Sam Vilain (sam_at_vilain.net)
Date: Fri 21 Feb 2003 - 03:48:08 GMT
On Fri, 21 Feb 2003 05:26, Jonathan Sambrook wrote:
> continue;
> +#if defined CONFIG_CTX_SYSCTLS
> + // Cloak /proc/sys/kernel/ctx outside of root ctx unless
> explicitly visible + if( de->namelen == 3 && !strcmp("ctx",
> de->name) &&
> + current->s_context != 0 && !sysctl_ctx_unsafe_sysctrls )
> + continue;
> +#endif
> if (!memcmp(dentry->d_name.name, de->name,
> de->namelen)) {
A hack I see, hmm? :-)
Perhaps it would be better to add a capabilities mask to the proc_dir_entry
structure in include/linux/proc_fs.h; then you can turn this test into a
bitwise test. Furthermore, you can then go around easily masking /proc
entries you don't want people to see (like /proc/scsi/*). Best of all, it
wouldn't appear to be vserver-specific, just enhancing the capabilities
system.
However, I think the patch you suggest for the /proc/fs/array.c is probably
a good idea. I will use your work as a fine example as what I need to do
for the userland implementation of my scheduling controls, and put them in
the same place.
Are you truly interested in deceiving the user ? Or just want to make sure
they can't get at things in /proc they shouldn't be able to see?
-- Sam Vilain, sam_at_vilain.netSoftware suppliers are trying to make their software packages more user-friendly [....] Their best approach, so far, has been to take all the old brochures, and stamp the words, 'user-friendly' on the cover. BILL GATES